1. Field of Invention
The present invention relates generally to the field of communications systems, and more particularly in one exemplary aspect to efficiently distribute and store virtual access control clients within a network.
2. Description of Related Technology
Access control is required for secure communication in most prior art wireless radio communication systems. As an example, one simple access control scheme might include: (i) verifying the identity of a communicating party, and (ii) granting a level of access commensurate with the verified identity. Within the context of an exemplary cellular system (e.g., Universal Mobile Telecommunications System (UMTS)), access control is governed by an access control client, referred to as a Universal Subscriber Identity Module (USIM) executing on a physical Universal Integrated Circuit Card (UICC). The USIM access control client authenticates the subscriber to the UMTS cellular network. After successful authentication, the subscriber is allowed access to the cellular network. As used hereinafter, the term “access control client” refers generally to a logical entity, either embodied within hardware or software, suited for controlling access of a first device to a network. Common examples of access control clients include the aforementioned USIM, CDMA Subscriber Identification Modules (CSIM), IP Multimedia Services Identity Module (ISM), Subscriber Identity Modules (SIM), Removable User Identity Modules (RUIM), etc.
Traditionally, the USIM (or more generally “SIM”) performs the well known Authentication and Key Agreement (AKA) procedure, which verifies and decrypts the applicable data and programs to ensure secure initialization. Specifically, the USIM must both (i) successfully answer a remote challenge to prove its identity to the network operator, and (ii) issue a challenge to verify the identity of the network.
While traditional SIM solutions are embodied within a removable Integrated Circuit Card (ICC) (also referred to as a “SIM card”), incipient research by the Assignee hereof is directed to virtualizing SIM operation within a software client executing within the mobile device. Virtualized SIM operation can reduce device size, increase device functionality, and provide greater flexibility.
Unfortunately, virtualized SIM operation also presents multiple new challenges for network operators and device manufacturers. For example, traditional SIM cards are manufactured and guaranteed by a trusted SIM vendor. These traditional SIM cards execute a single secure version of software that has been permanently “burned” to the SIM card. Once burned, the card cannot be tampered with (without also destroying the SIM card). Distribution of these cards is a simple process of shipping the cards to distribution centers, retail outlets, and/or customers.
In contrast, virtualized SIMs can be readily copied, multiplied, etc. Since each SIM represents a contracted for amount of access to finite network resources, illicit use of a virtualized SIM can greatly impact network operation and user experience. Accordingly, new distribution infrastructures are required for virtualized SIM delivery. Ideally, such new distribution infrastructures must (i) enforce SIM conservation, (ii) prevent excessive network traffic (also termed “bottle necking”), and (iii) offer reasonable disaster recovery capabilities.